Re: AppSense
"...Surely you can do this with a well set-up Windows security policy rather than having to use third-party software?..."
Sort of, but then you're managing dozens or more program hashes (for dependent executables and binaries too), or you revert to executable names, as updates will alter the hashes, and then users can simply rename files.
I should really caveat that - it's been several years since I looked into it on a purely Windows-based offering. AppSense just works. And can log.
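
The trade-off described in the reply above, as an added example that is not part of the original post: a small allowlist evaluator showing a hash rule rejecting an updated binary and a name rule accepting a renamed one, with name-only matches flagged for logging. All paths, rule sets and file contents are constructed for illustration and do not represent any product's policy format.

```python
import hashlib
import ntpath


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample "binaries": byte strings stand in for file contents.
APP_V1 = b"approved-app build 1.0"
APP_V2 = b"approved-app build 1.1"  # same program after a vendor update
OTHER = b"unapproved tool"

HASH_RULES = {sha256(APP_V1)}   # allow by content hash
NAME_RULES = {"approved.exe"}   # allow by executable name only


def evaluate(path: str, content: bytes) -> dict:
    """Evaluate one launch against both rule types."""
    name = ntpath.basename(path).lower()  # handles Windows-style paths
    hash_ok = sha256(content) in HASH_RULES
    name_ok = name in NAME_RULES
    return {
        "path": path,
        "hash_rule": hash_ok,
        "name_rule": name_ok,
        # Name matches but content is unknown: either an update that has
        # not been re-hashed yet, or a different file using the name.
        "review": name_ok and not hash_ok,
    }


def audit(launches):
    """Return the launches a name-only policy would allow unverified."""
    return [r for r in (evaluate(p, c) for p, c in launches) if r["review"]]


if __name__ == "__main__":
    launches = [
        (r"C:\Apps\approved.exe", APP_V1),       # original install
        (r"C:\Apps\approved.exe", APP_V2),       # after update: hash changed
        (r"C:\Users\u\approved.exe", OTHER),     # different file, same name
        (r"C:\Users\u\tool.exe", OTHER),         # matches neither rule
    ]
    for row in audit(launches):
        print("REVIEW:", row["path"])
```
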